Opened 17 years ago
Closed 17 years ago
#5983 closed (fixed)
iriencode doesn't respect safe strings
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Template system | Version: | dev |
Severity: | Keywords: | auto-escaping | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
This happens probably since autoescape. Steps to reproduce:
- In a model, use the following:
class Admin: list_filter = ['column_a', 'column_b']
and you'll have two filters shown in the admin.
- Choose something other than "All" in the first filter
- Hover the mouse over something other than "All" in the second filter and look at the url.
Result: It will have a "&amp;" somewhere, when it should only have a "&". It doesn't work if you click it, of course.
See also #5976 for a related bug.
Attachments (1)
Change History (5)
comment:1 by , 17 years ago
comment:2 by , 17 years ago
Triage Stage: | Unreviewed → Accepted |
---|
(oh, and I can confirm this buggy behaviour)
by , 17 years ago
Attachment: | safe_iriencode.diff added |
---|
comment:3 by , 17 years ago
Component: | Admin interface → Template system |
---|---|
Has patch: | set |
Keywords: | auto-escaping added |
Summary: | Admin escapes ampersands in URLs when joining filters → iriencode doesn't respect safe strings |
Triage Stage: | Accepted → Ready for checkin |
Changing the topic to reflect the real cause of the issue.
comment:4 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
I narrowed it down to django/contrib/admin/templates/admin/filter.html - choice.querystring is SafeData, but iriencode doesn't respect that and it gets re-escaped.

Solution seems to be marking the iriencode filter with is_safe, since it doesn't introduce dangerous characters - so a safe string in means a safe string out.
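The double escaping described in the comment above, as an added example that is not part of the ticket, the attached patch or Django's own code. It is a simplified model of auto-escaping: `SafeText`, `apply_filter`, `render` and `href` are hypothetical stand-ins, the `iriencode` here is a reduced re-implementation, and the query string is constructed sample data.

```python
from html import escape
from urllib.parse import quote


class SafeText(str):
    """Stand-in for a string already marked safe for HTML output."""


def iriencode(value):
    # Percent-encode non-ASCII characters only. '&', '=', '?' and ';' pass
    # through unchanged, so the filter adds no HTML-significant characters.
    # Like any ordinary filter, it returns a plain str.
    return quote(str(value), safe="/#%[]=:;$&()+,!?*@'~")


def apply_filter(func, value, is_safe):
    """Model of the engine: the safe marking survives only if is_safe is set."""
    result = func(value)
    if is_safe and isinstance(value, SafeText):
        return SafeText(result)
    return result  # marking lost; output will be escaped again


def render(value):
    """Auto-escape on output: safe strings go out as-is, others are escaped."""
    return value if isinstance(value, SafeText) else escape(value)


# Constructed sample: a query string that was already escaped and marked safe.
QUERYSTRING = SafeText("?column_a=1&amp;column_b=caf\u00e9")


def href(value, is_safe):
    """What ends up in the href attribute for value piped through iriencode."""
    return render(apply_filter(iriencode, value, is_safe))


if __name__ == "__main__":
    print("without is_safe:", href(QUERYSTRING, False))  # '&amp;amp;' in the URL
    print("with is_safe:   ", href(QUERYSTRING, True))   # single '&amp;'
    # Unsafe input stays unsafe, so it is still escaped exactly once.
    print("plain input:    ", href("?a=1&b=2", True))
```

The browser decodes `&amp;amp;` to `&amp;`, which is the URL seen on hover in the report. Marking the filter safe does not weaken escaping for untrusted input, because the marking is only carried over when the input already had it.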